OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 1 O F 31 



3 '< 



PLAINTEXT (PLAINTEXT) 
2 2 I 2 | 2 



4^ S~ 



=4= 



MDS H 



MDS H 



-2 

-4 

-^5 



fig. 1 



I t 

CIPHERTEXT (CIPHERTEXT) 



1 1 21 22 2 1 

2i4 a^d5 " 

2Q-- I MD$L 1 
22- j-Q p q ^ 



12 



13 



14 



□ □□□ 
20} l MDSl I 

□ □□□ 



gang 

I MDSl I 



□ □□□ 



20-4 MDSl 



□ □□□ 



21 22 21 



15 



MDSh 



16 



17 



1,8 



19 



20 - i MDSL I 



20 ^ MDSL i 
□ □□0 



□ □□□ 



20- 4 MDSl 



□ □□□ 



20- ^ MDSL I 



FIG.2 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 2 O F 31 



OVERALL 



HIGHER-LEVEL 
STRUCTURE 
(STAGE FUNCTION) 



FINAL PROCESS 



LOWER-LEVEL 
STRUCTURE 
(EXTENDED S-BOX) 

HIGHER-LEVEL MDS 

LOWER-LEVEL 
STRUCTURE 
KEY ADDITION 



KEY ADDITION 
S-BOX LAYER 
LOWER-LEVEL 
MDS 

KEY ADDITION 
S-BOX LAYER 



FIG.3 



102 
104 



101 P 
} 103 103-jr128 103 103 



3nir 



XS XS 



MDSu 



tl28 



101 

/ 103 103 | 103 103 



102 
104 



n^i r>4i n^i n^i 



MDS|_j 



103 103 



102- 

FIG. 



103 103 



XS XS XS XS 



--128 



105-Q 



128 



128 

-y — 



256 

— 7^- 



<R-1 



256 



P256 





256 

— ? — 1 









-256 



KS R _-| —121 



KS R -121 
KS R+1 -121 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 3 O F 31 



s[256] = { 






























72 


AA 


49 


16 


1E 


3A 


43 


AE 


66 


BC 


00 


73 


79 


3B 


FB 


9F 


69 


6A 


A2 


50 


6E 


F5 


EF 


AC 


22 


02 


AD 


26 


E2 


DF 


97 


FO 


9E 


BF 


17 


8B 


FA 


7C 


F4 


71 


7F 


CA 


F6 


52 


FD 


C3 


E5 


64 


53 


8D 


E0 


F3 


OF 


78 


CB 


9B 


68 


3C 


OD 


1F 


89 


B6 


EB 


F7 


44 


4A 


06 


A6 


56 


6B 


85 


01 


30 


88 


51 


31 


9C 


AO 


A3 


25 


60 


5B 


FF 


05 


B7 


91 


15 


B3 


A9 


20 


03 


2B 


61 


42 


95 


4D 


F9 


7E 


0E 


E9 


D8 


F1 


46 


99 


CE 


BE 


D9 


54 


80 


BO 


D2 


4F 


7A 
/A 


to 


35 


92 


1B 


7B 


12 


D6 


4C 


D5 


E7 


EE 


B1 


24 


DE 


21 


04 


10 


AB 


29 


9A 


81 


FE 


A7 


B8 


63 


28 


OA 


8A 


D1 


C6 


07 


B9 


C8 


98 


82 


74 


9D 


84 


47 


94 


C7 


6C 


11 


D7 


BA 


C1 


C9 


DD 


77 


39 


2F 


2E 


C2 


67 


41 


E4 


58 


34 


CD 


1C 


93 


96 


7D 


2C 


F8 


B5 


70 


14 


08 


DC 


CC 


87 


DO 


5E 


32 


C5 


C4 


59 


3E 


CF 


55 


5C 


23 


75 


2D 


2A 


86 


4B 


1D 


5F 


E6 


FC 


B2 


4E 


09 


27 


AF 


19 


B4 


BD 


6D 


3D 


6F 


ED 


62 


EA 


F2 


D3 


36 


38 


DB 


BB 


83 


45 


37 


A4 


EC 


8C 


5D 


E1 


33 


90 


A1 


40 


8E 


1A 


A5 


OB 


3F 


5A 


DA 


13 


76 


OC 


CO 


48 


E3 


65 


A8 


18 


8F 


D4 


57 } 












FIG. 


5 








/ 

112 









8 32 



111 

103— H 
112 



113-sl 



I I y T I 



k? [j] 



MDS L 



111 fx X X X 

m\{jh [in nh fs 



32 B 



i=1.2.3.4 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET _4_ OF 31 



FIG. 7 



x 1 x 2 x 3 H 





( 6C 


25 


9B 


03 




MDS L = 


6D 


06 


C8 


18 




75 


78 


9E 


1F 






U2 


78 


EB 


61 J 





7^ 

y 2 



-113 







/ 




y 2 












l y 4/ 


\ 



6D 06 C8 18 
75 78 9E 1F 



\ 




\ 




x 2 






x 3 




/ 


l x 4y 


/ 



32 




32 >32 



103-jHXS| I XS | | XS J | XS 



32 256 , 



FIG.8 



104-U 



MDS, 



H 



— 101 



FIG.9 



~f 32 "^32 ^32 ^32 
x 1 x 2 x 3 x 4 





(05 


19 


06 


1B N 




MDS H = 


1B 


05 


19 


06 




06 


1B 


05 


19 






U9 


06 


1B 


05/ 





|32 |32 ^32 ^32~ 

yi y2 y3 y4 



-104 



/ 


f y 0 


/ 




y 2 






V3 






l y 4; 


\ 



05 19 06 1B 
1B 05 19 06 

06 1B 05 19 
19 06 1B 05 



\ 


IV 


\ 




x 2 






x 3 




/ 


l x 4, 


/ 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET _5_ OF 31 



103 



(8b it) 



(4b it) 

X1 r 



1 04-1 - 



yl - 

(4b it) 



103 



103 103 103 

\ \ i 



x2 



x3 



x4* 



MDS H = 



3112 
2311 
1231 

J 123 , 
y3^4 y4^4 



104-8- 



103 yC= ^ 



3112 
2311 
1231 
1 123^ 



103 

ri 



32b i t 32bit 32b i t 



32b it 



yl 








f x1 l 


y2 




2311 




x2 


y3 




1231 




x3 


y4 




1^11 23 J 




x4 



FIG. 10 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 6 O F 31 



128 



I 

131- 
| CI 

'A 



128- 



K 

^256 



-128 



MDSh 



134^} 



135 



133 133 



128 



133133 



128 



131- 
iC2 

] A: 

L_^135_ 



MDSh 



134^} 



[SP][S/Pj[SPj[SP] 



1 

-132! 



-132 1 



FIG. 11 



128 



K 

^256 



131- 



MDSh 



134^} 



128 



128 



133 133 133133 



C1-^E3 — 136 



128 



131- 



MDSh 



[SPj[s;Pj[SPj[SP] 



134- 



128 




C2->SM36 



1 

-132! 



-132 1 



L__ 



FIG. 12 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 7 OF 31 



J3_ *8__ >8_ >8 

j 14J \ 14 U 1 41 j 



141r~ S 



I 



FIG. 13 



142f 



133 



MDSi 



if 



!143 



141-H s 
I 



^ 141^ 



___-:_8__ 



143 
141 



143^ 
141 



FIG. 14 





MDS[_ 


f 8 




F8 1 


:8 f 8 



-CONSTANT 



-133 



FIG. 15 



C1 


( H2, H0.H1.H1 ) 


C2 


( H3, H2, HO, H3 ) 


C3 


( H1, HO, HO, HO ) 


C4 


( H1,H0,H1,H3 ) 


C5 


( HO, H1, HO, H2 ) 


C6 


( H3, H2, HO, HO ) 


C7 


( H1,H2,H1,H0 ) 


C8 


( H2.H1.H2.H3 ) 


C9 


( H2.H1.H0, HO ) 


C10 


( HI, HI, HI, H2 ) 


C11 


( H3.H1, H1.H2 ) 


C12 


( H1,H1,H2,H0 ) 


C13 


( H1,H3,H3,H1 ) 


C14 


( H2,H3,H3,H1 ) 


C15 


( H1,H3,H1,H0 ) 


C16 


( H1,H0,H0,H3 ) 


C17 


( H1,H2,H0,H3 ) 



WHERE 

HO =(5A827999) H 

= lV2/4x2 32 j 
H1 =(6ED9EBA1) H 
= lV5/4x2 32 j 

H2 =(8F1BBCDC) H 
= l V5/4x2 32 j 

H3 = (CA62C1D6) H 
= l^10/4x2 32 j 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET _8_ OF 31 



INPUT WORD 



200 



MSB S 


RETURN WORD 


MSB S 


RETURN WORD 



MSB S 



RETURN WORD 



CARRY RETURN UNIT 

T" 
201 



COEFFICIENT 



MULTIPLIER 


204 

s • 


) 

203 


EX-OR UNIT 










OUTPUT WORD 



202 



GALOIS FIELD 
MULTIPLIER 



FIG. 16 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 9 O F 31 




OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 10 OF 31 



FIRST INPUT WORD 



n-TH INPUT WORD 



11 -TH ELEMENT 



12-TH ELEMENT 



(1n)-TH ELEMENT 



FIG. 18 



(n1)-TH ELEMENT 



FIRST 

OUTPUT 

WORD 



(n2)-TH ELEMENT 



SECOND 
OUTPUT 
WORD 



(nn)-TH ELEMENT 



n-TH 

OUTPUT 

WORD 





ELEMENT GENERATOR 








SMALL DETERMINANT CALCULATION UNIT 








DISCRIMINATION UNIT 


MDS MATRIX 


G. 


19 





-231 



-233 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 11 OF 31 



(start) 

\ 

GENERATE NEW MATRIX 
ELEMENT CANDIDATE 



YES 



CALCULATE 1 ST-ORDER SMALL 
DETERMINANT 




CALCULATE 2ND-0RDER SMALL 
DETERMINANT ? 




CALCULATE nTH-ORDER SMALL 
DETERMINANT ? 




DETERMINE CANDIDATE AS MDS 
MATRIX AND OUTPUT THAT MATRIX 



FIG. 20 



( END ) 



OBLON, SPIVAK, ET AL 
DOCKET #: 210S80US2SRD 
INV:KenjiOHKUMA,etal. 
SHEET 12 OF 31 



FIG. 21 



ELEMENT GENERATOR 



SMALL DETERMINANT 
COMPUTATION UNIT 

t 



-231 



-232 



DISCRIMINATION UNIT 



1 MPS MATR IX 



INVERSE MATRIX 
GENERATOR 

X 



INVERSE MATRIX 
DISCRIMINATION UNIT 



T 

INVERSE MATRIX 



-233 



-234 



-235 



(start) 



GENERATE MDS MATRIX HAVING 
ELEMENTS OF t-TH ORDER OR LESS 



I 



GENERATE INVERSE MATRIX ? 



-S11 



-S12 



S13 

DOES " 
INVERSE MATRIX 
ALSO HAVE ELEMENTS OF 
t-TH ORDER OR 
. LESS ? 

fYES 



OUTPUT MDS MATRIX AND 
ITS INVERSE MATRIX 



-S14 



FIG. 22 



( END ) 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 13 O F 31 



(start) 




OUTPUT COMBINATION OF S-BOX 
AND MDS 



-S27 



( END ) 

FIG. 23 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 14 OF 31 



1102- 
1104- 

1102- 
1104- 

1102- 



1103 1 103^128 1 1 03 1103 



XS" 



XS" 



XS" 



256 

/ 



MDS H " 



-128 



MDS H ~ 



1103 1103 

=3b 



XS 



-1 



XS 



1103 1103 

i' , , l 



XS" 



XS" 



FIG. 24 



1105-O 



-128 



256 



128, 



128 



e R+1 



256 



KSi 



-121 



256 



— 1> — 

XS -1 


— 

XS -1 


1 — 1^— 
xs~ 1 


— \— 

XS" 1 


256 
K k R-1 


KS R-1 



KS R 



I 



—121 



KS R+1 —121 



1111- 

1103- 
11 12+1 S" 1 



T 



32 a 

U ; / k? [j] 



1113j [ MDS L - 1 

I 



FIG. 25 



1112-j- S - 1 



^8 |8 |8 ^8 



32 o 
kf [j] 



_i 



j=1 . 2, 3, 4 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 15 OF 31 



^32 



1 103- 
1 104- 



XS" 



g H 2 f 3 ; 2 ^ 6 k ; 



XS" 



xs- 



XS" 



T t t t 



MDS H "1 



FIG. 26 



~|^32 ^32 ^32 ^32 




C15 
I 2 ? A 


SP 


-1 











1135 l+: 
1134 



FIG. 27 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 16 O F 31 



CDt— 



~B- 
-B-o 
--B- s 
--B- 



-B- 

-B- 
-B- 



--B- 

--B- 8 

--B- 



--B- 
--B- 



-B- 



-B- 



-ra- co 



--B- 

~B- 



-B- 

-B 
-B! 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 17 OF 31 



CO I 

Ot— 

















-ET 








-EH 


-ET 








■ -ET 




-0" 






-ET 








I ^j- 








-■0- 


-ET 


--EK 




-&= 




~& 





C5"> 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 18 OF 31 



^1- 

I 

CXI 




OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET _19_OF_31_ 



-3" 




OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 20 OF 31 




OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 21 OF 31 



I 




I 

O 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 22 OF 31 




OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 23 OF 31 




OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 24 OF 31 




OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 25 OF 31 



X1 X2 X3 X4 

(X1 1 ~X1 4) (X21-X24) (X31-X34) (X41-X44) 

UU 1111 UU 1111 



MDSu 



104-1-104-8 



I i I I 1 i I i i I I I 1 I i I 
(Y11-Y14) (Y21-Y24) (Y31-Y34) (Y41 ~Y44) 

Y1 Y2 Y3 Y4 



r 5 E A 5 ^ 




^X1] 




[Y11 




5 5 E A 




X2 




Y2 




A 5 5 E 




X3 




Y3 




E A 5 5 




X4 . 




Y4 





FIG. 37 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET _26_ OF_31 




OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 27 OF 31 



FIG. 39A 



FIG. 39B 



FIG. 39C 



FIG. 39D 




OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 28 O F 31 



NO 



CREATE NEXT MDS MATRIX 


^^RVN 
^ CONDI 
SATIS 


S102 
-IN^< 
TION ^> 
FIED 

YES 


CREATE INVERSE MATRIX 







S104 



NO 



FAN- IN 
CONDITION 
SATISFIED 
? 

YES 



c 



CANDIDATE 



3 



FIG. 40 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 29 O F 31 



32 32 32 32 



XS XS XS XS 



MDS H 



XS XS XS XS 



MDS H 



XS 



XS 



XS 



J ! L 



MDS H 



XS XS XS XS 



0 G O 0 



32 32 32 32 



KEY 



/8 /ft /ft /f 



0 0 0 0 



S S S S 



MDS|_ 



0 0 0 0 



s s s s 



/8 / 



FIG. 41 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET 30 OF 31 



32 32 



XS 



XS 



MDS H 



XS XS 



MDS H 



XS 



J L 



MDS H 



XS 



XS 



0 0 <= 



32 32 



KEY 



0 0 0 0 



MDS L 



0 0 0 0 



s s s s 



FIG. 42 



OBLON, SPIVAK, ET AL 
DOCKET #: 210580US2SRD 
INV: Kenji OHKUMA, et al. 
SHEET _31_OF_31_ 



SHARE KEY 



PLAIN- 



TEXT 



ENCRYPTED \ 
TEXT____A_PLAIN- 
TEXT 




FIG. 43 



314 LAN 

\ 



DATA 
SERVER 



31 1 



COMPUTER 



ENCRYPT 
AND SAVE 



-313 



FIG. 44 



READ OUT 
AND DECRYPT 



READ OUT 
AND DECRYPT 



COMPUTER 



-312 



DELIVER 



ENCRYPTION 
APPARATUS 

s 

321 



FIG. 45 



T 

322 

RECORDING 
MEDIUM 




DECRYPTION 
APPARATUS 



322 ^ 
RECORDING 323 
MEDIUM 



